IT Trenches


October 9, 2008  3:56 PM

Virtual Enterprise VOIP panel discussion



Posted by: Troy Tate
administration, Cisco, DataCenter, design, education, howto, IP telephony, IT education, LAN, Monitoring, Networking, PSTN, risk, unified communications, VoIP, WAN

As you may have already read, I will not be attending the Enterprise VOIP event at CampIT Conferences in Chicago on 10/14. Well, I thought I would bring my portion of the discussion to you in this virtual panel discussion and maybe you and I both can gain some from this forum.

Some background on our environment: IP phone population – over 400, distributed at 4 sites, largest ~150, smallest 60; all Cisco

Why implement VOIP?

  • greenfield site – needed a phone system and VOIP made sense for a new site install to position for future
  • acquired company in process of implementing VOIP – came into a situation where an acquisition had purchased VOIP and I became owner of the implementation; had issues with chosen vendor and equipment lists; eventually came out successful but was not without its pain during implementation.
  • forward-looking strategy – set up the company to have regional communication hubs for IP telephony; we have VOIP in North America, Europe and Asia now; this could permit us to leverage our WAN for toll bypass provided we build other local site infrastructure to support this technology.

Our biggest challenges:

  • users: they find the phones easy to use, with very good features; however, there are some features, like managing meet-me conference calling, that they feel are too onerous, so they don’t take the time to use this cost-saving feature
  • administrators: setting up phones is an infrequent event, so it is not a really simple task to set up a new phone; moves are made easier than on traditional systems; troubleshooting skills are different since voice is now carried over the data network until it reaches a PSTN gateway

Best features:

  • dial another site using extensions rather than 10 digit or more dialing
  • “on phone” directory – can lookup another IP phone user’s extension directly on the phone rather than finding them on a piece of paper or website somewhere
  • easier conference calling than old system
  • mobile-phone like features: listing missed calls; call history log
  • moves are made easier; adds are a challenge since done infrequently

Desires for additional features/services:

  • video
  • more ringtones (must have been someone young and a heavy cell phone user)
  • integration with e-mail/web

What are the risks?

  • It’s challenging to implement in an “old school” infrastructure environment (flat network, no VLANs, hubs still in use, etc.). It takes lots of forethought and an understanding of VLANs and WAN links, and staff skills need to be updated.
  • The network MUST be reliable or voice will suffer. Traditional phone companies have had 100+ years to make a bulletproof network.
  • Costs. It’s not cheap to implement this technology. You have to weigh the ability of the organization to support non-industry leading implementations versus choosing the best technology you can afford.
  • Maintenance. Upgrading the software in the servers, gateways and phones is much riskier than upgrading a traditional PBX environment.

What are the rewards?

  • It works!
  • It positions the organization to take advantage of other services provided that it is not simply an IT-led project but meets business requirements.

Feel free to add comments on your own experiences, concerns. This is a great forum and keep up the good work of information sharing!

October 9, 2008  3:00 PM

Alternatives to e-mail attachments – SharePoint is risky!



Posted by: Troy Tate
administration, Data security, DataManagement, design, email, Exchange, Firewalls, intellectual property, Networking, Policy, policy enforcement, risk, Security, SharePoint, Storage, vulnerability, website

I’m looking for some help on this topic and have posted a question to the ITKE community. Hopefully someone out there has had some experience with this service for your organization and can provide some valuable insight.

One group I participate in is a mailing list from SANS. If you have not attended a SANS event or education, then you should try to get to one of their events. They are one of, if not the, premier non-vendor-related security and systems administration groups in the IT industry. I posed the same question to this peer group and have had some very good responses. Some suggestions for solutions have come back and include:

Microsoft Office SharePoint (http://www.microsoft.com/sharepoint/default.mspx)

OpenText – Livelink (http://www.opentext.com/2/sol-products/sol-pro-llecm10.htm)

Webex Connect – (http://webex.com/enterprise/index.html) (There are other flavors for small & medium business)

 Accellion – (http://www.accellion.com)

 

These are very interesting solutions and I will certainly be looking at all potential candidates. One thing that bothers me about the SharePoint option is its security capabilities. SharePoint is typically Microsoft Active Directory integrated. This has major security implications and in fact CSO magazine has posted a recent article on this topic. I recommend that you read the article and understand what risks the SharePoint solution may open for your organization.

Why Security Pros Hate Microsoft SharePoint

Microsoft’s SharePoint collaboration platform is all the rage in today’s business world, especially since third parties gained the ability to plug security holes. But managing it can still be a nightmare for IT security shops.

I am still looking for more references and ideas for this solution, so please share what you are doing for your organization and it will be much appreciated by me and other readers.


October 8, 2008  2:00 PM

Enterprise VOIP at CampIT Conference – Chicago 10/14/08



Posted by: Troy Tate
administration, awareness, DataCenter, design, education, howto, IP telephony, IT education, Networking, tools, unified communications, VoIP

Update: I will not be a panel member at the CampIT Conference on Enterprise VOIP being held in Chicago (Rosemont) on Tuesday, October 14. However, please try to attend this event if you are in the area and support the CampIT conferences group.

Per the CampIT Conference website:

 

According to leading industry analysts, 99% of enterprises have implemented IP Telephony.  Many made the decision to do so based on projected long term savings and increased efficiencies.  But what are the best ways to capitalize on your existing investment and prepare for the future?  How can you leverage your investments to provide new services that your business is asking for?

 

In this one day conference attendees will learn:

 

  • How to leverage IP telephony and unified communications (UC) to improve business processes
  • How to determine which UC services are the best fit for your organization
  • How to troubleshoot converged networks
  • How to determine if your IP converged network is vulnerable and what you can do about it
  • How to integrate mobility with UC
  • Advice from the experienced enterprise IT User: How IP telephony/UC users are maximizing their investment

The panel discussion will be at the end of the day so hopefully you will stick around for that part of the event. Even if you do not, the event will hopefully help you and your organization understand what VOIP or unified communications can do for sustained business value.


October 6, 2008  1:12 PM

Did you see this? – Process monitor now does TCP/UDP monitoring



Posted by: Troy Tate
administration, analysis, anti-virus, Data security, debugging, diagnostics, forensics, howto, internet, LAN, malware, Microsoft, Microsoft Windows, Monitoring, network analysis, Networking, packet capture, Performance, performance monitoring, recovery, reporting, research, Sandbox, Security, Sysinternals, toolkit, tools, troubleshooting

If you ever need to get under the covers of running Windows processes for investigating why a system is running slow, then the Sysinternals toolkit has an updated tool that will help you. Per the website:

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!


October 3, 2008  7:59 PM

Did you see this? – Open Source Tools University



Posted by: Troy Tate
administration, analysis, anti-virus, blog, blogging, Data security, debugging, design, diagnostics, Firewalls, forensics, howto, internet, IT education, LAN, Metrics, Monitoring, network analysis, Networking, packet capture, Performance, performance monitoring, podcast, reporting, research, Sandbox, Security, SSL, toolkit, tools, troubleshooting, WAN, wireshark

If you are like me, you like those little goodie tools like nmap and wireshark that do something that is actually pretty complex but do it well and have a great following. I just came across this website that I am going to have to take some time to go through and find all of the nuggets it offers. Hope you get some use out of it too and let us know what you discover and how it made your job easier.

LoveMyTool

There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins). This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer, and Denny K Miu of StartupforLess.org – A Survival Guide for Bootstrapping Entrepreneurs.


October 3, 2008  3:25 PM

Did you see this? – Six things you should do on a decreasing IT budget



Posted by: Troy Tate
Data security

Still stuck with lowering IT budgets and increasing costs? Hear Laura Chappell’s six things you should do on a vanishing IT budget.

See and listen to the presentation here.


October 2, 2008  12:00 PM

My server is hung! What do I do? – debugging resources



Posted by: Troy Tate
administration, debugging, diagnostics, howto, Microsoft Windows, Performance, performance monitoring, recovery, reporting, server, toolkit, tools, troubleshooting

Debugging a dump from a hung server may not be something you do every day, so you may want to engage with a Microsoft debug expert. However, with this information as your guide, you may find that you can narrow down a problem and save yourself a call.

My Server is hung – what do I do?

http://blogs.msdn.com/ntdebugging/archive/2008/09/12/red-alert-my-server-is-hung-what-do-i-do.aspx

If you need additional background on debugging, this article can get you started:

Basics of Debugging Windows

http://blogs.msdn.com/ntdebugging/archive/2008/08/28/basics-of-debugging-windows.aspx

  • Collect a kernel dump: http://support.microsoft.com/kb/244139
  • Set up the debugger: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
  • Know how to use the symbol server: http://support.microsoft.com/kb/311503

Additional resources that you may find useful (including links to the tools, book recommendations, etc.):

  • Microsoft Debugging Tools
  • ADPlus – An automated way to use cdb.exe to capture/create a user-mode dump when a process hangs or crashes (more info – http://msdn.microsoft.com/en-us/library/cc265629.aspx or KB286350)
  • Public Symbols for Microsoft Operating Systems:
      o Microsoft Public Symbol server: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
      o example: srv*c:\mysyms*http://msdl.microsoft.com/download/symbols
      o Microsoft Symbol packages: http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d
  • Use !analyze -v to gather additional information about the bugcheck and a bucket-id for your dump file. The bucket-id can be submitted to Microsoft for review for similar crashes and resolutions. Try using the Microsoft Online Crash Analysis to submit your crash dump bucket-id for possible follow up from Microsoft or for Microsoft to look for trends: http://oca.microsoft.com/en/Welcome.aspx
  • For concepts, tools and information about the system architecture: http://msdn.microsoft.com/en-us/default.aspx
  • Windows Internals, 4th edition (by Mark E. Russinovich & David A. Solomon): the whole book or Chapter 14 – Crash Dump Analysis
  • Advanced Windows Debugging (by Mario Hewardt & Daniel Pravat): http://technet.microsoft.com/en-us/default.aspx
  • How to Access the User Mode Debugger from the Kernel Debugger
  • How can I find out why the Cluster Resource Monitor dumped – Access Violation
  • 1394 Kernel Debugging Tips and Tricks [WinHEC 2004; 373 KB]
  • Debugging Windows Vista


October 1, 2008  8:03 PM

Financial Crisis & Technology Accelerators



Posted by: Troy Tate
administration, analysis, awareness, blog, financial analysis, government, homeland security, Metrics, risk, threshold, Wall Street, website

We all know that things in the US economy are bad right now. Looking back we wonder if anyone was thinking ahead and thinking “what-if” and managing the risk. Apparently no one was doing that and here we are today with the government working on a $700 billion bailout for some critical financial organizations to ensure the world credit market does not collapse.

Speaking of looking back, I was recently reading the book Good to Great by Jim Collins. This is an easy-to-read business management book with some very good nuggets. It was written in 2001 and focuses on several companies and what it took for them to exceed the general market and become what the researchers considered great companies. Some of the companies mentioned include Abbott, Circuit City, Fannie Mae, Kimberly-Clark…

Wait, did I just say Fannie Mae? Isn’t that one of the companies that is being bailed out by the US government? Why yes it is! Interesting… before 2001 Fannie Mae was considered a great company according to Mr. Collins and team. You are wondering how I am relating this to IT or technology. Well, one of the chapters in the book is titled “Technology Accelerators”. This chapter focuses on the question, how do “good-to-great organizations think differently about technology?” The book says that Fannie Mae:

“Pioneered application of sophisticated algorithms and computer analysis to more accurately assess mortgage risk, thereby increasing economic denominator of profit per risk level. “Smarter” system of risk analysis increases access to home mortgages for lower-income groups, linking to passion for democratizing home ownership”

As we have seen, something must have changed since 2001. Fannie Mae is no longer considered a great company since it is in need of so much taxpayer help due to poor risk management. What did the company do with the technology that made them so great before 2001? Did they just modify some Excel spreadsheet and change the threshold so some cells that were red are now yellow or even green? Did they ignore the idea of managing mortgage risk to ensure that people could have the “dream come true” of home ownership?

I cannot answer that since I am not part of Fannie Mae or any financial institution. I just wonder whether, if they had continued to use technology effectively in addition to making less risky decisions, they would still be considered a great company.

One thought I want to leave you with is one of the unexpected findings by Mr. Collins and his research team about technology accelerators:

“The idea that technological change is the principal cause in the decline of once-great companies (or the perpetual mediocrity of others) is not supported by the evidence. Certainly, a company can’t remain a laggard and hope to be great, but technology by itself is never a primary root cause of either greatness or decline.”


September 30, 2008  1:34 PM

Did you see this? – Laura Chappell’s Troubleshooting & Security Summit



Posted by: Troy Tate
awareness, Data security, DataManagement, education, forensics, honeypot, howto, LAN, malware, Metrics, Monitoring, network analysis, Network TAPs, Networking, packet capture, Performance, performance monitoring, reporting, research, risk, Security, SSL, toolkit, tools, troubleshooting, WAN, wireshark

Maybe you already know Laura Chappell (The Viral Bitgirl); if not, then this is your chance to meet her and gain loads of knowledge in 2 days.

On November 4-5, 2008 – Las Colinas, TX (near Dallas-Ft Worth airport) Laura will be holding a Troubleshooting and Security Summit.

In two full days you will walk away with more security, optimization and troubleshooting knowledge than you’d get after spending months in the field figuring this out.

Learn the best practices and most efficient tools to use to analyze wired and wireless network performance to optimize and secure network communications from Laura Chappell, Founder of Wireshark University and Protocol Analysis Institute. See the Summit 08 special pricing and group discount information below. Register today at www.chappellsummit.com.

Key points include:
* TCP Enhancements in Vista/Server 2008
* Faster File Transfers with SMBv1 vs. SMBv2
* Traffic Analysis between Virtualized Hosts
* Proven Techniques to Baseline the Network
* Latency Chokepoints
* Automatic Traffic Capture and Analysis
* Network Security and Forensics Procedures
* Key Points to Deploying Decoys
* Suspicious Traffic Signatures
* Handling Traffic Evidence

Bring Your Own Laptop (BYOL) Format
This hands-on lab-based course offers a series of demonstrations and individual hands-on labs to rapidly improve and expand your skill set. You will leave with your laptop loaded with tools, trace files and configured to improve network performance and security immediately after class.

GUEST SPEAKERS
* Gerald Combs, Creator of Wireshark – Must-Know Steps to Analyzing Virtualized Communications and the Future of Wireshark

* Tom Quilty, Cybercrime Investigator for BD Consulting and Investigation – Preparing for and Handling a Data Breach or Theft

Register Today – Seating is Limited
Register online at www.chappellsummit.com. Registration $1,295 – Early Bird $995 (ends midnight PDT Tuesday 9/30/08)

Group Discounts: Bring in two or more people from your company and receive $100 off each additional registration. Contact Brenda Czech at +1 408-378-7841 for more details.

Wireshark University Savings: Attendees receive the Wireshark University WSU03 Troubleshooting Network Communications self-paced course free with the student kits. Registered attendees also receive a 50%-off coupon on Wireshark University Self-Paced Courses.

Register today.
www.chappellsummit.com

If you go, please share some of the tips and tricks you gained with the ITKE population. Help spread the word!


September 24, 2008  2:07 PM

Did you see this? – Using Microsoft Excel for business functions



Posted by: Troy Tate
administration, CIO, financial analysis, howto, Microsoft, Microsoft Excel, Microsoft Windows, toolkit, tools

Came across a great free toolset for Excel today. It is called the Business Functions toolset. Here’s the PCWorld Editor’s review on the toolset:

Looking to use Excel to run your business? Then you’ll want this free add-in, which has 500 new functions to help with just about any business analysis, budgeting, or tracking you need. Need functions specifically for real estate, such as a variety of functions having to do with rent? It’s there. So are functions for other specific industries, as well as hundreds of general-purpose Excel functions as well.

There’s no need to run Business Functions separately from Excel; it integrates directly within it, and is available as menu options. No matter what you need for your business, there’s probably something for you, including a nifty time chart creator, and much more.

–Preston Gralla

You can find this useful download here.

